[Seattle-SAGE] hostname survey

lamont at scriptkiddie.org
Fri May 27 00:01:16 PDT 2005


Kerberos canonicalization does roughly this, and should give a canonical 
FQDN for the host:

gethostbyaddr(gethostbyname(`/bin/hostname`))

If /bin/hostname does not return an FQDN, and that name matches the 
127.0.0.1 line in /etc/hosts, and gethostbyaddr on 127.0.0.1 hits that 
/etc/hosts line the other way to give the short version, the above will 
give host/<shortname>@REALM instead of host/<FQDN>@REALM.  I haven't 
tested this exact use case, but I believe that's how it'll work...

If I want to use Kerberos, I don't believe I can use your method.

In fairness, the Kerberos sources note that this is broken.

If you don't care about Kerberos you may not care about that...

...

Also, it's very nice if /bin/hostname produces a "globally unique id" which 
you can use in host management tools.  There might be better ways to 
manage that, but this approach is simple and stupid and everyone in your 
organization can understand it, so it scales fairly well.  If you're the 
only sysadmin at your site this isn't a big deal and there might be better 
approaches, but if you've got 20+ system admins and a few dozen developers 
who at any time might be writing systems code, it leads to a simple and 
useful convention.

On Thu, 26 May 2005, Brian Hatch wrote:
> Too many problems have been caused by having FQDNs locally that didn't
> match DNS, so you have different results than other machines when trying
> to find you.  This is annoying.

So fix that.  Manage your DNS information better; don't screw up your 
hostname to try to patch over bad DNS management.

...

Thinking more about this issue: if you can't trust DNS for accurate 
canonicalization, and /bin/hostname doesn't produce canonicalization, then 
you probably can't trust that any FQDN is canonical for your host.  You 
might have some kind of site-wide convention which canonicalizes hosts 
without relying on DNS, but if you've got your shit together enough to 
do that, you could have fixed DNS to begin with, so I don't see that 
happening.  The end result is that you're left with no canonicalization, 
and you probably wind up with systems databases (e.g. asset tracking 
databases, etc.) which have short hostnames in them, and I really, really 
hate that.  Even if you make short hostnames unique site-wide (also a good 
idea), I still hate it, because you can't grab hostnames out of the 
database and connect to the host without magic to find the FQDN.  The 
convention that /bin/hostname returns a canonical FQDN is so much 
cleaner.  Then you just make sure that your databases (DNS, assets) 
reflect existing state by either fixing the databases or fixing the local 
hostname.

You can always work around this to try to make your hostnames short, but I 
don't see the point, and if you're capable of doing that level of work, 
just fix DNS.



